Execs and users are clamoring for you to biz-enable their iPhones. Here’s how to say "yes" in a rational way

With the release of Apple’s iPhone SDK fast approaching, speculation abounds surrounding Apple's plans for a business-friendly iPhone play. Will the consumer-focused company introduce enterprise-class connectivity and security options for the iPhone? Will the SDK enable third parties to bridge the consumer/business divide?

Until March 6, when the SDK is officially released, the fog of rumor will only get thicker. In the meantime, one thing is clear: iPhone popularity has executives, salespeople, even members of your IT staff hot to connect their iPhones to business resources. And AT&T’s Jan. 21 introduction of an iPhone-based data plan for businesses has them hungry for you to make good on their desires.

Whatever the impending iPhone SDK accomplishes out of the gate, the fact is that most IT organizations can bring the iPhone into their operations easily and with acceptable risk. Yes, instinct and analysts such as Forrester Research caution against such a move. After all, the iPhone is not designed for the enterprise and does have deficits IT should be concerned about. But a strict “no iPhone policy” is likely to drive users to perform more dangerous hacks, such as setting up Google and Yahoo accounts as way stations to connect to enterprise assets -- contacts and e-mail, in particular.

Instead, investigate what is possible before establishing your iPhone policy. And remember: Apple updated the iPhone software several times in its first six months, fixing some significant deficits that early reviews pointed out. No panacea, but such updates may mean the iPhone has fewer business-oriented caveats than you initially thought.

But where to begin gearing up the iPhone for business? How can you satisfy executive demands to make the iPhone fit for corporate essentials? For those looking to get a jump on business-enabling the iPhone, here’s a handy guide on what’s currently possible, and how to get it done. (Note that everything here applies to the iPhone’s voiceless cousin, the iPod Touch with the January 2008 software update.)

Accessing corporate e-mailIBM’s promise of a Lotus Notes client for the iPhone remains unfulfilled. And an Exchange client from Microsoft has yet to rear its head. But, if your business uses either system, you can provide e-mail access via POP3 or IMAP, popular protocols that many businesses already support. In either case, the iPhone’s Mail setup is where to begin configuring host addresses, user names, passwords, and SSL authentication.

A tip for Exchange: Even though the Mail setup includes an Exchange pane, don’t use it. Use IMAP instead; the Exchange pane doesn’t work. (Even Apple’s support pages say to use the IMAP pane.)

Many businesses prefer IMAP over POP3 because IMAP provides greater control over message management, such as keeping the mail folders synchronized as mail is moved on any client. The iPhone will connect to the IMAP server and detect most settings automatically, making setup easy in most cases.

You can adjust the SSL settings, IMAP path prefix, server port, and other such settings by scrolling down to the Advanced portion of an individual mail account’s setup area. Note that the iPhone’s SSL options have been significantly enhanced from the first iteration’s number-only token scheme.

What you can’t do with the iPhone -- out of the box, anyhow -- is get the BlackBerry’s push-based approach to e-mail, in which the mail server sends messages to the device rather than requiring the device to query the server to gain access to new messages. This push-based approach makes it harder for someone to spoof the e-mail server. To push e-mail to an iPhone (or most other mobile devices), you need a mobile server such as those from Visto and Synchonica; these integrate with your Exchange or Domino server.

The iPhone also doesn’t support Microsoft’s Direct-Push approach (aka ActiveSync on Windows Mobile and Palm OS devices), which leaves the connection between the OWA (Outlook Web Access) server’s mail port and the mobile device open so that new messages are instantly visible. (The iPhone does use OWA as its connection to Exchange, just as Microsoft’s Entourage e-mail client does for the Mac OS.) Instead, you’ll have to live with the iPhone’s periodic mail checks (15 minutes is the shortest period, though you can easily find SSH hacks on the Web to reduce that window.) Rumors have been flying for months that Apple has licensed ActiveSync from Microsoft; maybe we’ll find out on Thursday whether that rumor is true.

Accessing calendars and other shared dataThe biggest issue Exchange and Notes shops will face in business-enabling the iPhone is providing access to calendars, address books, and other PIM data beyond e-mail.

Calendars and contacts can be synchronized between Exchange and the iPhone, but this must be done through iTunes, meaning you will need a PC or Mac to act as an intermediary.

For Windows (XP or Vista) shops tapping Outlook 2003 or 2007, syncing is straightforward through iTunes. Connect the iPhone to your intermediary PC and select it in iTunes’ Devices list. Open the iTunes device Info pane and choose the calendars and contact sources you want to sync. If you have problems, consult Apple’s common fixes.

On the Mac, use the built-in iCal and Address Book software as the way station, and then configure Entourage to sync with them (use the Sync Services pane of the Preferences dialog box). In iCal, you must create and use a calendar called Entourage for any entries you want synced to Exchange. (And Exchange calendar items will be placed in iCal in the Entourage calendar as well.) Then, with your iPhone physically connected and selected in iTunes’ Devices list, open the Info pane to choose the calendars and contact sources to be synced. All three programs -- Entourage, iCal, and iTunes -- must be set up properly for this ménage à trois to work.

A tip: In Entourage’s preferences, choose whether to sync your server’s calendar or your local calendar. If you change this setting, it’s very likely that your calendar will stop syncing. It turns out the issue is in iCal: You’ll see multiple Entourage calendars listed (one for each time you changed the setting in Entourage). Delete all but the “real” Entourage calendar (you can right-click on a calendar and choose Delete from the contextual menu).

Likewise, for Notes on the Mac, iTunes is the go-between, as described for Exchange -- and you will need a separate app such as Information Appliance Associates’ PocketMac GoBetween to make iCal and Address Book sync with Notes. Ironically, there doesn’t appear to be a way to get calendar and address book data from Notes to the iPhone in Windows. If IBM follows up on its promise to ship a Notes client for iPhone, there’ll be no need for a third-party app or other work-around.

You can, of course, access calendar and contact data without connecting through the desktop by tapping Exchange or Notes Web access via the iPhone’s Safari browser. Unfortunately, navigating those desktop-oriented pages even in the iPhone’s fairly large screen makes this method a somewhat frustrating quick fix.

Another access issue to consider is that the Safari browser in the iPhone does not support Java or ActiveX, so Web pages that use these applet-delivery technologies won't run on the iPhone. ActiveX is a Microsoft technology available only on Windows, so the iPhone's lack of support mirrors the Mac's lack of support, but the lack of the cross-platform Java technology on the iPhone is less justifiable for Apple.

Securing the iPhoneThe biggest issue for IT when it comes to the iPhone is security, even with the availability of SSL authentication for securing e-mail connections. Make sure your Exchange or Domino server requires SSL and one of these SSL options: MD5 challenge-response, NTLM, or HTTP MD5 digest. The iPhone also supports password-based SSL authentication, but that can be more easily spoofed than the other options.

All SSL does, however, is encrypt e-mail messages, not any other traffic between the iPhone and the company's servers. Typically, you would mitigate this concern by using a VPN client -- or a BlackBerry or Motorola GoodLink server and its proprietary secured network -- as the conduit to safeguard all traffic with the iPhone.

The iPhone didn't originally support VPNs, but Apple added that capability via a software upgrade in late 2007. The iPhone’s VPN capabilities are solid -- comparable to Windows Mobile and Palm OS devices -- with a choice of L2TP and PPTP protocols and support for EMC RSA Security’s SecurID key-based authentication. (You access those through the General preference pane’s Network option.) But the iPhone VPN client does not work with all VPNs; Cisco-based VPNs in particular are incompatible unless they are set specifically for Mac OS X and iPhone compatibility.

And there are three security issues for which the iPhone decidedly falls short, when compared with Windows Mobile, Palm OS, and BlackBerry.

First, the iPhone does not provide device encryption, meaning that any data stored on the iPhone can easily be obtained by a thief. With nearly 16GB visible to PCs as an external drive when connected over USB, the iPhone can store a lot of could-be precious corporate data.

Second, password protection on the iPhone is scant. More than providing a four-digit maximum for passwords, the iPhone provides no way to enforce password use or policies, as users can simply turn the password feature off.

Third, the iPhone’s lack of a remote lock or kill feature leaves IT in the lurch if the device is stolen or lost.

Until Apple adds these capabilities to the iPhone, or third parties find a way to add them, IT will have to decide whether these three security shortfalls justify banning the iPhone from the enterprise. A good way to judge that is to make an honest assessment: Are you as tough on USB thumb drives, smartphones, and work-at-home users’ PCs as you want to be on the iPhone?

InfoWorld executive editor Galen Gruman analyzes the latest issues in mobile technology and the consumerization of IT. He has also written or co-written more than 40 how-to books, on iOS, iPad, Windows 8, OS X, and desktop publishing.